OUR FRAMEWORKS

Think Beyond the Framework

Manage and automate all of your frameworks and see how they fit into the bigger Compliance picture.

See All Frameworks
Free 30-day trial
Fast onboarding
Unlimited plugins & frameworks

Compliance at Its Best:
See what customers have to say about The anecdotes Compliance OS

SOC 2. HIPAA. ISO. PFL. BLT.

Those last two are made up, but we had you sweating, right? Point is, your Compliance program is way more than the alphabet soup of certifications and reports. But you still need them, so The anecdotes Compliance OS is here to make it easier by providing a more direct, customized path to the specific certifications you need.

Cross Mapping

Why do the same thing twice? With The anecdotes Compliance OS your work from existing frameworks is leveraged to achieve more Compliance milestones. Your evidence is automatically linked to relevant controls across various frameworks so that you can easily grow your Compliance program.

“We started with SOC 2 and are now using the platform for ISO, which has been made much easier thanks to the cross mapping of evidence.”

Unified Control View

Already built a framework tailored to your organization’s needs? Want to build one? No problem! With The anecdotes Compliance OS you can power your custom framework with data and automation to continue to mature your Compliance posture.

“It's easy to navigate and look at the process from different views, such as all evidence collected or the list of required controls and their status.”

Custom Framework

Give your organization a bird’s eye view of your Compliance posture, based on business units and not only frameworks. You can take advantage of the overlap of controls and requirements across frameworks, reducing the number of duplicate controls and, thus, the time spent manually managing hundreds of controls.

“The best thing about Anecdotes is... The support to upload your own common control framework for a more savvy compliance program.”

20+ Frameworks
Mapped & Ready

Fuel Your Compliance Engine With Data

The anecdotes Compliance OS* has got you covered from every angle.

* What is OS?
We know what you’re thinking – OS = fancy buzzword, roll m’ eyes. Yeah, maybe in some cases – but not here. An Operating System is a digital workspace that provides various applications to be used as needed, regardless of the underlying hardware and sources. With the anecdotes Compliance OS, you can choose whatever application you need with full autonomous background processes to support them. And that’s why it’s a real OS.

Application Layer - Every business process and need has a correlating application, enabling it to correspond to, and answer, different challenges. 

Data Pool Layer - Normalized and structured data in an evidence pool serves as the basis of every application usage.

Plugins Layer - Dozens of plugins from the most common tools and environments, to extract all the data needed for the Compliance OS and the Data Pool Layer.

This is how it works:
We start at the Plugins Layer. This is where evidence is automatically collected from multiple sources: on-premise, private cloud, public cloud, and SaaS tools. Ya know, everything, basically.
Next comes the Data Layer. This is where normalized and structured data is housed in an evidence pool to serve as the basis of every application usage. (No, not that kind of pool. But still beneficial.)
Last is the Application Layer. This is where the magic happens. Every business process and need has a correlating application, which enables it to correspond to, and answer, different challenges.
These layers and processes form the basis of the anecdotes Compliance OS, a fundamental change to the way Compliance has always worked. Or not worked, really. 

anecdotes' innovative approach to data sharing is a hallmark of a new generation of cybersecurity solutions that deliver maximum value by breaking down data silos between vendors and customers.

Omer Singer
Head of Cyber Security Strategy @ Snowflake

As Ginzi grows, our Compliance process becomes more complex. anecdotes makes meeting new frameworks simple.

Ben Jacobs
Co-founder and CEO @Ginzi

anecdotes is a competitive advantage. We are able to increase trust with our customers by giving them the option to monitor our Compliance posture in real time on the anecdotes platform.

Jonathan Schneider
Co-founder and CEO @Moderne, Inc.

anecdotes does more than just automation. Based on a deep understanding of our business, anecdotes has helped us make the cultural changes we needed to make sure we are compliant.

Asaf Moses
Founder & CEO @CredCompare

With anecdotes, we were able to easily collect evidence for our ISO 27001:2018 certification, with plugins that easily connected to most of our infrastructure and automatically gathered all of the necessary information. This saved us a lot of precious time.

Vladislav Gust
Information Security Officer @PortXchange

SOC 2

The Service Organization Control 2 (SOC 2) framework is a procedure for auditing service-oriented companies to assure their customers of a high-level security posture (with flavors of privacy, processing integrity, availability and others) when using those services. This is in lieu of performing your own audit on those service providers.

HIPAA

The Health Insurance Portability and Accountability Act of 1996 is a United States federal statute meant to provide assurance to US citizens that their healthcare information is collected, processed, stored, and transmitted for their health benefit and in a secure manner.

PCI-DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a checklist of expected security standards designed to ensure that companies that collect, process, store, or transmit credit card information maintain a secure environment to prevent disclosure and misuse of the credit card information.

ITGC (SOX)

IT General Controls (ITGC) is a framework of general IT and security controls recommended for properly managing IT systems and processes. This framework is commonly used by traded companies as part of their Sarbanes-Oxley Act processes, and also by organizations implementing the CobiT framework.

ISO 27001

ISO/IEC 27001:2019 specifies PIMS-related requirements and provides guidance for PII controllers and PII processors holding responsibility and accountability for PII processing.

ISO 27017

ISO/IEC 27017:2015 is the code of practice for cloud service customers and providers wishing to incorporate their cloud security into the ISMS (for certified ISO 27001 organizations).

CSA STAR

Cloud Security Alliance (CSA) Security, Trust, Assurance and Risk (STAR) is a security-centric framework that allows cloud service providers (CSPs) to attest to, or be audited against, a cloud control matrix (CCM), which is now in its 4th iteration.

ISO 22301

ISO 22301 specifies requirements to implement, maintain and improve a business continuity management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to, and recover from disruptions when they arise.

ISO-IEC 27001:2022

Specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization.

ISO-IEC 27018

ISO/IEC 27018:2019 is a common set of security categories and controls that can be implemented by a public cloud computing service provider acting as a PII processor, wishing to incorporate it into the ISMS (for certified ISO 27001 organizations).

CSA CoC - GDPR

Cloud Security Alliance (CSA) Code of Conduct is a privacy-centric framework that allows cloud service providers (CSPs) to attest to, or be audited against, a Code of Conduct for achieving GDPR compliance (when combined with a minimum security baseline, such as the CSA STAR).

SCF - EU GDPR

Secure Controls Framework (SCF) EU GDPR Compliance Criteria (EGCC) provides a “paint by numbers” approach to complying with GDPR, since GDPR is leveraging work you should already have done through your existing cybersecurity and privacy program.

NIST 800-171

Aims to protect controlled unclassified information (CUI) in non-federal systems and organizations.

NIST CSF

NIST Cybersecurity Framework (CSF) is a high-level framework aiming to assist organizations in managing cybersecurity risk. It can be implemented in a customizable manner.

NYDFS Part 500

The New York State Department of Financial Services published a Cybersecurity Regulation (commonly known as Part 500) that applies to organizations operating under the Banking Law, the Insurance Law, or the Financial Services Law (considered "covered entities").

TISAX ISA

The Information Security Assessment (ISA) is an information security requirements catalog based on key aspects of the international standard ISO/IEC 27001. It is used by companies both for internal purposes as well as assessments by suppliers and service providers who process sensitive information from their respective companies.

PCI-DSS SAQ A-EP

PCI DSS Self-Assessment for 'Partially Outsourced E-commerce Merchants Using a Third-Party Website for Payment Processing'.

PCI-DSS SAQ A

PCI DSS Self-Assessment for 'Card-not-present Merchants, All Cardholder Data Functions Fully Outsourced'.

Open Finance DSS

OFDSS establishes a common framework for consumer data security, privacy, and control that also supports innovation among new and emerging cloud-native, digital finance companies.

CIS v8

The CIS Critical Security Controls (CIS Controls) are a prioritized set of Safeguards to mitigate the most prevalent cyber-attacks against systems and networks.

Custom Framework

Power your custom framework with data and automation to mature your Compliance posture with efficiency.

Scale Your Compliance With the Only Solution for Growing Companies

Made for Your Complex IT Stack

From your cloud environments to your SaaS tools, connect it all – without complexity limits.

Customized for Your Success

Tailor your frameworks, controls, and internal audits to meet the specific needs of your program.

Cross-Framework Solution

We map evidence to all applicable/relevant controls and frameworks, creating true cross-mapping across frameworks.

Robust Security Architecture

Store data and secrets in your own environment to own and retain them at all times. 

Data-Powered Compliance

Utilize data-powered Compliance artifacts to gain true visibility into your Compliance posture.

One Workspace for Your Needs

Centrally address all your Compliance needs, with a holistic solution that pairs advanced automation with monitoring capabilities.


Trusted By the Fastest Growing Cloud-First Companies


Go Where Compliance Works